package com.woniu.woniuk16.securityUtil;

import com.woniu.woniuk16.mapper.WoniuResourceMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import javax.annotation.Resource;
import java.util.Arrays;

import static java.util.Collections.singletonList;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private RedisTemplate<String,Object> rtl;
    @Resource
    private WoniuResourceMapper woniuResourceMapper;

    UrlBasedCorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource cfs = new UrlBasedCorsConfigurationSource();
        CorsConfiguration cors = new CorsConfiguration();
        cors.addAllowedOriginPattern("*");
        cors.addAllowedMethod("*");
        cors.setAllowCredentials(true);
        cors.addAllowedHeader("*");
        cfs.registerCorsConfiguration("/**", cors);
        return cfs;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        LoginErrorHandler loginErrorHandler = new LoginErrorHandler();
        //关闭默认配置
        http.addFilterAfter(new SafeFilter(loginErrorHandler,rtl,woniuResourceMapper), FilterSecurityInterceptor.class).
                httpBasic().disable()
                //关闭csrf
                .csrf().disable()
                .authorizeRequests()
                    //以下请求不进行权限验证
                    .antMatchers("/redis/**","/woniuAccount/nonelogin","/login","/woniuMenus/menus/**","/woniuClassUser/**").permitAll()
                    //其余的进行验证
                    .anyRequest().authenticated()
                    .and()
                //登陆验证
                .formLogin()
                    //如果没有登陆，跳转以下url
                    .loginPage("/woniuAccount/nonelogin")
                    //配置登陆过滤器的url
                    .loginProcessingUrl("/login")
                    //添加成功处理器对象
                    .successHandler(new LoginSuccessHandler())
                    //添加失败处理器对象
                    .failureHandler(loginErrorHandler)
                    .and()
                //配置跨域
                .cors().configurationSource(corsConfigurationSource());

    }
    @Bean
    public PasswordEncoder createPasswordEncoder() {
        //创建默认的一个加密解析器实现对象
        return new BCryptPasswordEncoder();
    }

}
